Merrick B. Garland, Attorney General | https://www.justice.gov/
The Department of Justice, in collaboration with the Netherlands, Belgium, Eurojust, and other partners, has announced an international effort to disrupt the operations of RedLine Infostealer and META Infostealer. These malware variants have targeted millions of computers globally.
The Justice Department, along with the FBI, Naval Criminal Investigative Service, IRS Criminal Investigation, Defense Criminal Investigative Service, and Army Criminal Investigation Division, joined international partners in Operation Magnus. This initiative is supported by Europol through the Joint Cybercrime Action Taskforce (JCAT). The operation involved seizing domains, servers, and Telegram accounts used by the administrators of RedLine and META.
Authorities have set up a website at www.operation-magnus.com to provide resources for the public and potential victims.
Infostealers like RedLine and META are used to steal sensitive information such as usernames, passwords, financial details, system information, cookies, and cryptocurrency accounts from victim computers. The stolen data is sold on cybercrime forums for further fraudulent activities. These infostealers can bypass multi-factor authentication by stealing authentication cookies.
RedLine and META operate under a decentralized Malware as a Service (MaaS) model. Affiliates purchase licenses to use the malware for their campaigns. Distribution methods include malvertising, email phishing, fraudulent software downloads, and malicious software sideloading. Various schemes have been employed to trick victims into downloading the malware.
Law enforcement has collected victim log data from computers infected with RedLine and META. Millions of unique credentials have been identified so far. However, authorities believe they do not possess all stolen data and continue to investigate.
A warrant issued in the Western District of Texas authorized law enforcement to seize two domains used by RedLine and META for command and control purposes.
In conjunction with these efforts, charges have been unsealed against Maxim Rudometov for his role as a developer and administrator of RedLine Infostealer. Rudometov faces charges including access device fraud under 18 U.S.C. § 1029; conspiracy to commit computer intrusion under 18 U.S.C. §§ 1030 and 371; and money laundering under 18 U.S.C. § 1956. If convicted on all counts, he could face up to 35 years in prison.
The FBI Austin Cyber Task Force is investigating this case with participation from various agencies including the Naval Criminal Investigative Service and IRS Criminal Investigation.
Assistant U.S. Attorney G. Karthik Srinivasan is prosecuting the case with support from the Justice Department’s Cybercrime Liaison Prosecutor to Eurojust.
Operation Magnus involves multiple international agencies, including the Dutch National Police, the Belgian Federal Police, and the United Kingdom National Crime Agency, among others, in investigating these infostealers.